Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -rcf258bae4dd72eab7a6f5bc895b96966caafaf06 -recc49cd6851b43f37ef02c2ddb85257096e2cf49
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision cf258bae4dd72eab7a6f5bc895b96966caafaf06)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision ecc49cd6851b43f37ef02c2ddb85257096e2cf49)
@@ -1,8 +1,12 @@
 # Only check POST forms. If we need to, we can add GET and other HTTP methods
 org.owasp.csrfguard.ProtectedMethods=POST
-# By default do not check anything. ignoreAll is the same as filter coverage in web.xml
-org.owasp.csrfguard.unprotected.ignoreAll=*.do
+# Do not check anything except for pages which are explicitly marked as protected
+org.owasp.csrfguard.Protect = true
+
+# Mandatory field for stateful applications like LAMS
+org.owasp.csrfguard.LogicalSessionExtractor = org.owasp.csrfguard.session.SessionTokenKeyExtractor
+
 # List of actions to check
 # Each key goes into a separate line prefixed with org.owasp.csrfguard.protected.
 # A key suffix must not contain a dot "." character
@@ -59,6 +63,8 @@
 org.owasp.csrfguard.protected.centralPortraitDelete=/lams/saveportrait/deletePortrait.do
 org.owasp.csrfguard.protected.centralPortraitSave=/lams/saveportrait.do
 org.owasp.csrfguard.protected.centralPasswordChange=/lams/passwordChanged.do
+org.owasp.csrfguard.protected.centralForgotPassword=/lams/ForgotPasswordRequest
+org.owasp.csrfguard.protected.centralLogin=/lams/j_security_check
 #QB
 org.owasp.csrfguard.protected.centralSaveQuestion=/lams/qb/edit/saveOrUpdateQuestion.do
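Review bot: The new `Protect = true` line puts CsrfGuard into allow-list mode, so only the URLs listed under `org.owasp.csrfguard.protected.*` are token-checked and every other POST passes untouched; the replacement comment should say that outright so a maintainer knows an unlisted new action is silently unprotected, e.g. `# Protect=true is an allow-list: only the org.owasp.csrfguard.protected.* entries below are validated. Any POST endpoint not listed here is NOT checked, so every new state-changing action must be added.` With `Protect` set, any `org.owasp.csrfguard.unprotected.*` entries that may survive elsewhere in the file have no effect and can be removed; whether any remain is not visible in this hunk. The `LogicalSessionExtractor` comment says the field is mandatory but not what it does — `# Binds the CSRF token to the HttpSession; CsrfGuard refuses to start without an extractor` would help, with the startup behaviour confirmed against the bundled library version.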
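Review bot: Listing `/lams/j_security_check` only helps if the POST actually reaches CsrfGuard's servlet filter; on containers where FORM login is consumed by the security layer ahead of the filter chain (Tomcat's FormAuthenticator, Undertow's FORM mechanism) the request is authenticated and redirected before any filter runs, so this entry may be a no-op — verify by POSTing to j_security_check without a token and confirming it is rejected. Both new paths are hit before authentication, so the login and forgot-password forms must be served with a token minted into the still-anonymous session (the filter has to see the GET that renders the form and the page has to inject the token), otherwise legitimate submissions will fail validation. Neither point can be settled from the properties file; a comment such as `# Pre-authentication endpoints: the pages that render these forms must embed a token issued to the anonymous session` would record the dependency.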
@@ -127,6 +133,7 @@
 org.owasp.csrfguard.protected.assessmentMonitoringExportExcel=/lams/tool/laasse10/monitoring/exportSummary.do
 org.owasp.csrfguard.protected.assessmentMonitoringAllocateUserAnswer=/lams/tool/laasse10/monitoring/allocateUserAnswer.do
 org.owasp.csrfguard.protected.assessmentMonitoringSetActivityEvaluation=/lams/tool/laasse10/monitoring/setActivityEvaluation.do
+org.owasp.csrfguard.protected.assessmentMonitoringChangeLeader=/lams/tool/laasse10/monitoring/changeLeaderForGroup.do
 org.owasp.csrfguard.protected.assessmentSaveUserGrade=/lams/tool/laasse10/monitoring/saveUserGrade.do
 org.owasp.csrfguard.protected.assessmentUpdateTimeLimit=/lams/tool/laasse10/monitoring/updateTimeLimit.do
 org.owasp.csrfguard.protected.assessmentUpdateIndividualTimeLimit=/lams/tool/laasse10/monitoring/updateIndividualTimeLimit.do
@@ -141,6 +148,9 @@
 org.owasp.csrfguard.protected.dokuAuthoringSave=/lams/tool/ladoku11/authoring/update.do
 org.owasp.csrfguard.protected.dokuAuthoringDefineLater=/lams/tool/ladoku11/authoring/definelater.do
 org.owasp.csrfguard.protected.dokuMonitoringUpdateLearnerMark=/lams/tool/ladoku11/monitoring/updateLearnerMark.do
+org.owasp.csrfguard.protected.dokuMonitoringChangeLeader=/lams/tool/ladoku11/monitoring/changeLeaderForGroup.do
+org.owasp.csrfguard.protected.dokuMonitoringUpdateTimeLimit=/lams/tool/ladoku11/monitoring/updateTimeLimit.do
+org.owasp.csrfguard.protected.dokuMonitoringUpdateIndividualTimeLimit=/lams/tool/ladoku11/monitoring/updateIndividualTimeLimit.do
 org.owasp.csrfguard.protected.forumAuthoringSave=/lams/tool/lafrum11/authoring/update.do
 org.owasp.csrfguard.protected.forumAuthoringDefineLater=/lams/tool/lafrum11/authoring/definelater.do
@@ -164,7 +174,7 @@
 org.owasp.csrfguard.protected.leaderAuthoringSave=/lams/tool/lalead11/authoring/updateContent.do
 org.owasp.csrfguard.protected.leaderAuthoringDefineLater=/lams/tool/lalead11/authoring/definelater.do
 org.owasp.csrfguard.protected.leaderSaveLeaders=/lams/tool/lalead11/monitoring/saveLeaders.do
-org.owasp.csrfguard.protected.leaderTblmonitoringChangeLeader=/lams/tool/lalead11/tblmonitoring/changeLeader.do
+org.owasp.csrfguard.protected.leaderMonitoringChangeLeader=/lams/tool/lalead11/monitoring/changeLeader.do
 org.owasp.csrfguard.protected.laqaAuthoringSave=/lams/tool/laqa11/authoring/submitAllContent.do
 org.owasp.csrfguard.protected.laqaAuthoringDefineLater=/lams/tool/laqa11/authoring/definelater.do
@@ -173,6 +183,7 @@
 org.owasp.csrfguard.protected.laqaAuthoringSaveOrUpdateCondition=/lams/tool/laqa11/authoringConditions/saveOrUpdateCondition.do
 org.owasp.csrfguard.protected.laqaAuthoringRemoveCondition=/lams/tool/laqa11/authoringConditions/removeCondition.do
 org.owasp.csrfguard.protected.laqaMonitoringSubmissionDeadline=/lams/tool/laqa11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.laqaMonitoringChangeLeader=/lams/tool/laqa11/monitoring/changeLeaderForGroup.do
 org.owasp.csrfguard.protected.larsrcAuthoringSave=/lams/tool/larsrc11/authoring/update.do
 org.owasp.csrfguard.protected.larsrcAuthoringDefineLater=/lams/tool/larsrc11/authoring/definelater.do
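Review bot: The rename to `leaderMonitoringChangeLeader` drops `/lams/tool/lalead11/tblmonitoring/changeLeader.do` from the allow-list, and with `Protect = true` now in force anything not listed is not checked, so if that tblmonitoring action mapping still exists it is reachable without a token (a `tblmonitoring` path is still referenced for the scratchie tool later in this diff, so the package has not been removed wholesale). If the leader action was moved rather than duplicated this is fine; otherwise keep the old line alongside the new one. Whether the old mapping survives cannot be seen from the properties file and should be checked against the tool's action configuration.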
@@ -204,6 +215,7 @@
 org.owasp.csrfguard.protected.sbmtAuthoringSave=/lams/tool/lasbmt11/authoring/updateContent.do
 org.owasp.csrfguard.protected.sbmtAuthoringDefineLater=/lams/tool/lasbmt11/authoring/definelater.do
 org.owasp.csrfguard.protected.sbmtMonitoringSubmissionDeadline=/lams/tool/lasbmt11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.sbmtMonitoringChangeLeader=/lams/tool/lasbmt11/monitoring/changeLeaderForGroup.do
 org.owasp.csrfguard.protected.sbmtUpdateMark=/lams/tool/lasbmt11/mark/updateMark.do
 org.owasp.csrfguard.protected.sbmtReleaseMarks=/lams/tool/lasbmt11/monitoring/releaseMarks.do
 org.owasp.csrfguard.protected.sbmtDownloadMarks=/lams/tool/lasbmt11/monitoring/downloadMarks.do
@@ -218,8 +230,11 @@
 org.owasp.csrfguard.protected.scratchieAuthoringRemoveItem=/lams/tool/lascrt11/authoring/removeItem.do
 org.owasp.csrfguard.protected.scratchieMonitoringExportExcel=/lams/tool/lascrt11/monitoring/exportExcel.do
 org.owasp.csrfguard.protected.scratchieMonitoringSubmissionDeadline=/lams/tool/lascrt11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.scratchieMonitoringChangeLeader=/lams/tool/lascrt11/monitoring/changeLeaderForGroup.do
 org.owasp.csrfguard.protected.scratchieTblMonitoringExportExcel=/lams/tool/lascrt11/tblmonitoring/exportExcel.do
 org.owasp.csrfguard.protected.scratchieSaveUserMark=/lams/tool/lascrt11/monitoring/saveUserMark.do
+org.owasp.csrfguard.protected..scratchieUpdateTimeLimit=/lams/tool/lascrt11/monitoring/updateTimeLimit.do
+org.owasp.csrfguard.protected..scratchieUpdateIndividualTimeLimit=/lams/tool/lascrt11/monitoring/updateIndividualTimeLimit.do
 org.owasp.csrfguard.protected.spreadsheetAuthoringSave=/lams/tool/lasprd10/authoring/updateContent.do
 org.owasp.csrfguard.protected.spreadsheetAuthoringDefineLater=/lams/tool/lasprd10/authoring/definelater.do
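Review bot: The two new scratchie time-limit keys carry a doubled dot, `org.owasp.csrfguard.protected..scratchieUpdateTimeLimit` and `org.owasp.csrfguard.protected..scratchieUpdateIndividualTimeLimit`, which breaks the file's own rule that the key suffix must not contain a `.`: CsrfGuard takes everything after `org.owasp.csrfguard.protected.` as the page name, so the suffix becomes `.scratchieUpdateTimeLimit`, and how the library treats that is not visible here — in the worst case the entries are dropped and, in the allow-list mode this diff switches on, `updateTimeLimit.do` and `updateIndividualTimeLimit.do` stay unprotected while the file reads as though they are covered. The fix is `org.owasp.csrfguard.protected.scratchieUpdateTimeLimit=/lams/tool/lascrt11/monitoring/updateTimeLimit.do` and `org.owasp.csrfguard.protected.scratchieUpdateIndividualTimeLimit=/lams/tool/lascrt11/monitoring/updateIndividualTimeLimit.do`. The assessment and doku hunks in this same diff spell the matching keys with a single dot, so this is almost certainly a typo rather than intent.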
@@ -240,6 +255,7 @@
 org.owasp.csrfguard.protected.voteAuthoringAddNomination=/lams/tool/lavote11/authoring/addSingleNomination.do
 org.owasp.csrfguard.protected.voteAuthoringRemoveNomination=/lams/tool/lavote11/authoring/removeNomination.do
 org.owasp.csrfguard.protected.voteMonitoringSubmissionDeadline=/lams/tool/lavote11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.voteMonitoringChangeLeader=/lams/tool/lavote11/monitoring/changeLeaderForGroup.do
 org.owasp.csrfguard.protected.voteHideOpenVote=/lams/tool/lavote11/monitoring/hideOpenVote.do
 org.owasp.csrfguard.protected.voteShowOpenVote=/lams/tool/lavote11/monitoring/showOpenVote.do